Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/y9uAGCONvqstezPxQAk-PtnGJn8.roa
File:                     y9uAGCONvqstezPxQAk-PtnGJn8.roa (raw, json)
Hash identifier:          2hQ17lR8xgsu0ik7iAOlbT1BVVZufhuDEjce5om4sWU=
Subject key identifier:   CB:DB:80:18:23:8D:BE:AB:2D:7B:33:F1:40:09:3E:3E:D9:C6:26:7F
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6BAA12A930C19E508EC8C2CC3CCA4
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/y9uAGCONvqstezPxQAk-PtnGJn8.roa
Signing time:             Mon 01 Jan 2024 06:29:41 +0000
ROA not before:           Mon 01 Jan 2024 06:29:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48011
IP address blocks:        88.209.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ba:a1:2a:93:0c:19:e5:08:ec:8c:2c:c3:cc:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cbdb8018238dbeab2d7b33f140093e3ed9c6267f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:76:ab:55:31:61:0f:3c:6f:d2:fa:15:09:ec:
                    7a:5d:fc:de:8c:b1:14:f0:a1:b8:97:af:82:25:5b:
                    50:5f:24:eb:8e:a7:03:81:b2:77:b8:40:5e:b4:3a:
                    8f:65:a3:51:d6:1a:a3:a4:03:f4:96:92:3c:47:46:
                    ba:90:09:38:c7:a6:09:c6:cb:36:f6:69:9e:21:67:
                    34:21:5a:c1:96:da:b0:76:ec:70:20:c7:76:2d:6f:
                    f1:b9:cb:8e:92:b7:d9:8d:3b:73:7a:f0:eb:cc:20:
                    2d:ca:64:90:90:1f:8a:67:5e:54:b9:9e:b6:88:d1:
                    80:96:c4:f5:02:db:f8:aa:be:79:dc:ff:2b:e6:b9:
                    e6:be:d5:11:13:5e:cf:4f:6f:eb:93:35:5c:e7:e8:
                    2d:ac:8b:df:44:02:e1:a8:2c:3e:a9:64:5f:9c:c2:
                    65:27:49:3c:d0:3a:58:d9:2e:af:82:4a:85:bc:d8:
                    e1:f5:f9:fd:d3:25:ed:77:20:30:30:87:af:61:e1:
                    a4:be:c9:b3:d9:40:a9:af:6a:32:1e:d8:79:ee:6c:
                    a2:bb:ea:95:15:fc:49:64:ba:03:bd:d7:3f:73:49:
                    b7:21:42:b2:ce:50:19:4e:00:f3:66:0a:81:63:0e:
                    68:1e:ab:02:cd:d6:4a:7b:64:38:13:87:7a:2e:fb:
                    63:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:DB:80:18:23:8D:BE:AB:2D:7B:33:F1:40:09:3E:3E:D9:C6:26:7F
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/y9uAGCONvqstezPxQAk-PtnGJn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:09:de:b4:20:ce:ae:16:2d:d7:86:be:d2:4a:59:ed:6c:cf:
         3a:60:71:96:46:90:a7:19:dd:fd:7d:ed:bc:c7:77:a9:89:80:
         cb:4b:15:da:2a:d6:7c:9a:13:de:0a:67:d0:f8:dd:ef:e0:36:
         b1:84:92:97:5d:f9:47:67:05:b6:2d:bb:11:64:4f:cd:d9:82:
         89:4d:49:5f:e3:ba:07:d8:89:86:16:08:45:c6:49:ac:84:08:
         eb:04:99:5e:99:42:f0:0c:bb:1c:2f:8a:31:9e:78:a8:54:5d:
         48:2e:9d:cd:a4:04:03:cd:8c:15:ce:0e:78:a2:00:4d:6f:8f:
         c4:75:76:73:94:5c:1a:a3:f3:dc:cb:d5:65:d3:fe:04:da:52:
         b1:70:5d:77:e9:8a:cc:ba:d9:01:2d:19:75:a0:42:e7:0c:3b:
         60:4f:9f:be:51:cf:af:97:3d:c1:33:d1:49:27:ba:05:37:fc:
         a8:10:40:57:fe:04:5c:3a:3c:44:57:a3:1c:fd:32:86:1f:68:
         e3:fe:40:73:e9:c9:60:d2:d5:45:99:5e:a6:06:28:1c:b9:7a:
         f6:5d:8d:d8:2e:00:70:4e:51:bc:ac:f1:b7:ab:d5:2b:7c:bd:
         e3:e8:fd:98:bf:fa:66:f2:23:09:7d:4b:1d:05:96:13:b4:87:
         2b:8f:45:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtrqhKpMMGeUI7Iwsw8ykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmRiODAxODIzOGRiZWFiMmQ3YjMzZjE0MDA5M2UzZWQ5YzYyNjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAznarVTFhDzxv0voVCex6XfzejLEU
8KG4l6+CJVtQXyTrjqcDgbJ3uEBetDqPZaNR1hqjpAP0lpI8R0a6kAk4x6YJxss2
9mmeIWc0IVrBltqwduxwIMd2LW/xucuOkrfZjTtzevDrzCAtymSQkB+KZ15UuZ62
iNGAlsT1Atv4qr553P8r5rnmvtURE17PT2/rkzVc5+gtrIvfRALhqCw+qWRfnMJl
J0k80DpY2S6vgkqFvNjh9fn90yXtdyAwMIevYeGkvsmz2UCpr2oyHth57myiu+qV
FfxJZLoDvdc/c0m3IUKyzlAZTgDzZgqBYw5oHqsCzdZKe2Q4E4d6LvtjywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMvbgBgjjb6rLXsz8UAJPj7ZxiZ/MB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEveTl1QUdDT052cXN0ZXpQeFFBay1QdG5HSm44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNH5MA0G
CSqGSIb3DQEBCwUAA4IBAQAACd60IM6uFi3Xhr7SSlntbM86YHGWRpCnGd39fe28
x3epiYDLSxXaKtZ8mhPeCmfQ+N3v4DaxhJKXXflHZwW2LbsRZE/N2YKJTUlf47oH
2ImGFghFxkmshAjrBJlemULwDLscL4oxnnioVF1ILp3NpAQDzYwVzg54ogBNb4/E
dXZzlFwao/Pcy9Vl0/4E2lKxcF136YrMutkBLRl1oELnDDtgT5++Uc+vlz3BM9FJ
J7oFN/yoEEBX/gRcOjxEV6Mc/TKGH2jj/kBz6clg0tVFmV6mBigcuXr2XY3YLgBw
TlG8rPG3q9UrfL3j6P2Yv/pm8iMJfUsdBZYTtIcrj0U/
-----END CERTIFICATE-----